how big is this issue?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
rami
Forum Contributor
Posts: 217
Joined: Thu Sep 15, 2005 8:55 am

how big is this issue?

Post by rami »

i have found a web application which must probably is written in php 3 ...its seems that the whole application was written using register global on...
its doesnt use things like .....$_POST,$_GET......a variables of one page is available in another page directly when page is called..
i am using php 4 in local computer . under default config...where i think global registers are off...
so i can see all the warning..notice all over ..some pages works but application doesnt work completely..i made many part of application using GET and POST ..where required...but there too many..(the script is not syntaxically no where wrong but it has not used any get,post...and may be was written with global reg on)

i uploaded the original files to my server..internet server..(with out edit) it worked perfectly fine with out any notices..and errors...
(i think global reg are on)

so should i continue with the script...or should i abandon it...(should i turn my local setting global reg on)..and just continue it..
will be there any security problem using such pre script....i have no second option as i didn found any other free script for it...
well i think its is supressing those notices...online..is it good practice to do so...
please any suggestion...
example of programming..

Code: Select all

<?php //begin of page
s
   if ($random == 1) {

     $jokeid = get_random_joke(1);

   } else {

      $jokeid = $id;

   }//directlty $random is used with any  pre declare so is $id so it gives notice...
actually think that roughly should be 
   $jokeid = ( isset($_GET['id']) ) ? $_GET['id'] : $_POST['id'] ; //this script is so..

second example
   <?php

                           if ($listtype == "") {
                              $listtype = 1;
                           }
					
                           if ($catid != "") {
                              $listtype = 4;
                           }
/*$listtype directly used ...actually that list type is being passed from another page in GET  array...but it is directly accessible...so is that catid*/
//even all the POST of form are used so..


loggedin = true;
         session_register("loggedin");..old style session..
so what should i do
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

If you want to use the script, fix it up so it doesn't rely on register_globals or old session setting ways and so forth. It's not entirely lost, just needs updating.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

How many lines is the script and how it is being used? If it is small you may want to upgrade it. If it is large you may want to suffer register globals. I would recommend turning off register globals and then turning it on only for the scripts that require it.
(#10850)
rami
Forum Contributor
Posts: 217
Joined: Thu Sep 15, 2005 8:55 am

Post by rami »

arborint wrote:How many lines is the script and how it is being used? If it is small you may want to upgrade it. If it is large you may want to suffer register globals. I would recommend turning off register globals and then turning it on only for the scripts that require it.
the whole post and get part is taken with reg on
as i can see nowhere in script as
_POST['var'] or _GET['VAR' though form are used so are passing varibales from one page to others...
so i must do it...
what to do...
as my server has put it on i guess reg globl are any how gong to be on...
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Do not use a script that relies on register globals. Not at all. Make the script work as though RG were off.
rami
Forum Contributor
Posts: 217
Joined: Thu Sep 15, 2005 8:55 am

Post by rami »

Everah wrote:Do not use a script that relies on register globals. Not at all. Make the script work as though RG were off.
ya i have made it worked with out reg global being on...i have tested it locally weith that setting using get,post and session where required...
so should i use that script now..or i should still fall in problem later...
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

I'm having trouble trying to understand what you say, but if you're saying it works w/o register globals on.. go ahead and use it.
Post Reply